Index: chrome/browser/extensions/api/socket/tls_socket.cc |
diff --git a/chrome/browser/extensions/api/socket/tls_socket.cc b/chrome/browser/extensions/api/socket/tls_socket.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..9f43093abecc603c1bf8ab14cdbdf23f8d6d9922 |
--- /dev/null |
+++ b/chrome/browser/extensions/api/socket/tls_socket.cc |
@@ -0,0 +1,281 @@ |
+// Copyright (c) 2013 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "chrome/browser/extensions/api/socket/tls_socket.h" |
+ |
+#include "base/callback_helpers.h" |
+#include "base/logging.h" |
+#include "chrome/browser/extensions/api/api_resource.h" |
+#include "net/base/address_list.h" |
+#include "net/base/ip_endpoint.h" |
+#include "net/base/net_errors.h" |
+#include "net/base/rand_callback.h" |
+#include "net/socket/client_socket_factory.h" |
+#include "net/socket/client_socket_handle.h" |
+#include "net/socket/tcp_client_socket.h" |
+#include "net/url_request/url_request_context.h" |
+#include "net/url_request/url_request_context_getter.h" |
+ |
+namespace { |
+ |
+// Returns the SSL protocol version (as a uint16) represented by a string. |
+// Returns 0 if the string is invalid. Pulled from |
+// chrome/browser/net/ssl_config_service_manager_pref.cc. |
+uint16 SSLProtocolVersionFromString(const std::string& version_str) { |
+ uint16 version = 0; // Invalid. |
+ if (version_str == "ssl3") { |
+ version = net::SSL_PROTOCOL_VERSION_SSL3; |
+ } else if (version_str == "tls1") { |
+ version = net::SSL_PROTOCOL_VERSION_TLS1; |
+ } else if (version_str == "tls1.1") { |
+ version = net::SSL_PROTOCOL_VERSION_TLS1_1; |
+ } else if (version_str == "tls1.2") { |
+ version = net::SSL_PROTOCOL_VERSION_TLS1_2; |
+ } |
+ return version; |
+} |
+ |
+} // namespace |
+ |
+namespace extensions { |
+ |
+const char kTLSSocketTypeInvalidError[] = |
+ "Cannot listen on a socket that's already connected."; |
+ |
+TLSSocket::TLSSocket(net::StreamSocket* tls_socket, |
+ const std::string& owner_extension_id) |
+ : ResumableTCPSocket(owner_extension_id), |
+ tls_socket_(tls_socket) { |
+} |
+ |
+TLSSocket::~TLSSocket() { |
+ Disconnect(); |
+} |
+ |
+void TLSSocket::Connect(const std::string& address, |
+ int port, |
+ const CompletionCallback& callback) { |
+ callback.Run(net::ERR_CONNECTION_FAILED); |
+} |
+ |
+void TLSSocket::Disconnect() { |
+ if (tls_socket_) { |
+ tls_socket_->Disconnect(); |
+ tls_socket_.reset(); |
+ } |
+} |
+ |
+void TLSSocket::Read(int count, |
+ const ReadCompletionCallback& callback) { |
+ DCHECK(!callback.is_null()); |
+ |
+ if (!read_callback_.is_null()) { |
+ callback.Run(net::ERR_IO_PENDING, NULL); |
+ return; |
+ } |
+ |
+ if (count <= 0) { |
+ callback.Run(net::ERR_INVALID_ARGUMENT, NULL); |
+ return; |
+ } |
+ |
+ if (!tls_socket_.get() || !IsConnected()) { |
+ callback.Run(net::ERR_SOCKET_NOT_CONNECTED, NULL); |
+ return; |
+ } |
+ |
+ read_callback_ = callback; |
+ scoped_refptr<net::IOBuffer> io_buffer = new net::IOBuffer(count); |
+ int result = tls_socket_->Read( |
+ io_buffer.get(), count, base::Bind(&TLSSocket::OnReadComplete, |
+ base::Unretained(this), |
+ io_buffer)); |
+ |
+ if (result != net::ERR_IO_PENDING) |
+ OnReadComplete(io_buffer, result); |
+} |
+ |
+void TLSSocket::OnReadComplete(const scoped_refptr<net::IOBuffer>& io_buffer, |
+ int result) { |
+ DCHECK(!read_callback_.is_null()); |
+ base::ResetAndReturn(&read_callback_).Run(result, io_buffer); |
+} |
+ |
+int TLSSocket::WriteImpl(net::IOBuffer* io_buffer, |
+ int io_buffer_size, |
+ const net::CompletionCallback& callback) { |
+ if (!IsConnected()) |
+ return net::ERR_SOCKET_NOT_CONNECTED; |
+ else |
Ryan Sleevi
2014/01/14 01:32:06
style: delete the else here.
("Don't use else aft
lally
2014/01/29 23:57:45
Done.
|
+ return tls_socket_->Write(io_buffer, io_buffer_size, callback); |
+} |
+ |
+bool TLSSocket::SetKeepAlive(bool enable, int delay) { |
+ return false; |
+} |
+ |
+bool TLSSocket::SetNoDelay(bool no_delay) { |
+ return false; |
+} |
+ |
+int TLSSocket::Listen(const std::string& address, |
+ int port, |
+ int backlog, |
+ std::string* error_msg) { |
+ *error_msg = kTLSSocketTypeInvalidError; |
+ return net::ERR_NOT_IMPLEMENTED; |
+} |
+ |
+void TLSSocket::Accept(const AcceptCompletionCallback &callback) { |
+ callback.Run(net::ERR_FAILED, NULL); |
+} |
+ |
+bool TLSSocket::IsConnected() { |
+ return tls_socket_.get() && tls_socket_->IsConnected(); |
+} |
+ |
+bool TLSSocket::GetPeerAddress(net::IPEndPoint* address) { |
+ return IsConnected() && tls_socket_->GetPeerAddress(address); |
+} |
+ |
+bool TLSSocket::GetLocalAddress(net::IPEndPoint* address) { |
+ return IsConnected() && tls_socket_->GetLocalAddress(address); |
+} |
+ |
+Socket::SocketType TLSSocket::GetSocketType() const { |
+ return Socket::TYPE_TLS; |
+} |
+ |
+// static |
+void TLSSocket::UpgradeSocketToTLS( |
+ Socket* socket, |
+ Profile* profile, |
+ net::URLRequestContextGetter* url_request_getter, |
+ const std::string& extension_id, |
+ api::socket::SecureOptions* options, |
+ const SecureCallback& callback) { |
+ DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); |
+ DCHECK(profile); |
+ |
+ TCPSocket* tcp_socket = static_cast<TCPSocket*>(socket); |
+ |
+ if (!tcp_socket || tcp_socket->GetSocketType() != Socket::TYPE_TCP || |
+ tcp_socket->ClientStream() == NULL || !tcp_socket->IsConnected()) { |
Ryan Sleevi
2014/01/14 01:32:06
style: A bit odd to see !tcp_socket but then "tcp_
lally
2014/01/29 23:57:45
Done.
|
+ DVLOG(1) << "UpgradeSocketToTLS(): failing before trying. socket is " |
+ << tcp_socket << ", type is " << tcp_socket->GetSocketType() |
+ << ", client_stream is " << tcp_socket->ClientStream() |
+ << ", and socket IsConnected: " << tcp_socket->IsConnected(); |
+ TlsConnectDone(NULL, extension_id, callback, net::ERR_INVALID_ARGUMENT); |
+ return; |
+ } |
+ |
+ net::IPEndPoint dest_host_port_pair; |
+ if (!tcp_socket->GetPeerAddress(&dest_host_port_pair)) { |
+ DVLOG(1) << "UpgradeSocketToTLS(): could not get peer address."; |
+ TlsConnectDone(NULL, extension_id, callback, net::ERR_INVALID_ARGUMENT); |
+ return; |
+ } |
+ |
+ net::HostPortPair host_and_port(tcp_socket->hostname(), |
+ dest_host_port_pair.port()); |
+ |
+ // Modeled after P2PSocketHostTcpBase::StartTls() |
+ scoped_ptr<net::ClientSocketHandle> socket_handle( |
+ new net::ClientSocketHandle()); |
+ |
+ // Set the socket handle to the socket's client stream (that should be the |
+ // only one active here). Then have the old socket release ownership on of |
Ryan Sleevi
2014/01/14 01:32:06
nit: extra space here ;)
lally
2014/01/29 23:57:45
Done.
|
+ // that client stream. |
+ socket_handle->SetSocket(scoped_ptr<net::StreamSocket>( |
+ tcp_socket->ClientStream())); |
+ tcp_socket->Release(); |
+ |
+ net::URLRequestContext* url_context = |
+ url_request_getter->GetURLRequestContext(); |
+ DCHECK(url_context); |
+ |
+ net::SSLClientSocketContext context; |
+ context.cert_verifier = url_context->cert_verifier(); |
+ context.transport_security_state = url_context->transport_security_state(); |
+ DCHECK(context.transport_security_state); |
+ |
+ // Fill in the SSL socket params. |
+ net::SSLConfig ssl_config; |
+ profile->GetSSLConfigService()->GetSSLConfig(&ssl_config); |
+ if (options && options->tls_version.get()) { |
+ uint16 version_min = 0, version_max = 0; |
+ api::socket::TLSVersionConstraints* versions = options->tls_version.get(); |
+ if (versions->min.get()) { |
+ version_min = SSLProtocolVersionFromString(*versions->min.get()); |
+ } |
+ if (versions->max.get()) { |
+ version_max = SSLProtocolVersionFromString(*versions->max.get()); |
+ } |
+ if (version_min) { |
+ ssl_config.version_min = version_min; |
+ } |
+ if (version_max) { |
+ ssl_config.version_max = version_max; |
+ } |
+ } |
+ net::ClientSocketFactory* socket_factory = |
+ net::ClientSocketFactory::GetDefaultFactory(); |
+ |
+ // Create the socket. |
+ net::SSLClientSocket* ssl_socket = socket_factory->CreateSSLClientSocket( |
+ socket_handle.Pass(), host_and_port, ssl_config, context).release(); |
+ |
+ DVLOG(1) << "UpgradeSocketToTLS: Attempting to connect to " |
+ << tcp_socket->hostname() << ":" |
+ << dest_host_port_pair.port(); |
+ // Try establish a TLS connection. Pass ownership of ssl_socket to |
+ // TlsConnectDone, which will pass it on to the callback. |
+ int status = ssl_socket->Connect( |
+ base::Bind(&TLSSocket::TlsConnectDone, ssl_socket, extension_id, |
+ callback)); |
+ |
+ // Connect failed, and won't call the callback. Call it now. |
+ if (status != net::ERR_IO_PENDING) { |
+ // Note: this can't recurse -- if 'socket' is already a connected |
+ // TLSSocket, it will return TYPE_TLS instead of TYPE_TCP, failing before |
+ // we get here. If the connection failed, the socket is closed below |
+ // before the callback. If the caller tries to recurse into another |
+ // secure() call, they must have either created a prior socket to try, or |
+ // will have to go through an asynchronous Connect() call first. |
+ DVLOG(1) << "UpgradeSocketToTLS: Status is not IO-pending: " |
+ << net::ErrorToString(status); |
+ TlsConnectDone(ssl_socket, extension_id, callback, status); |
+ } |
+} |
+ |
+// static |
+void TLSSocket::TlsConnectDone(net::SSLClientSocket* ssl_socket, |
Ryan Sleevi
2014/01/14 01:32:06
use scoped_ptr<net::SSLClientSocket> to indicate t
lally
2014/01/29 23:57:45
I tried that, and ended up punting. The issue is
|
+ const std::string& extension_id, |
+ const SecureCallback& callback, |
+ int result) { |
+ DVLOG(1) << "TLSSocket::TlsConnectDone(): got back result " |
+ << result << " (" << net::ErrorToString(result) << ")"; |
+ |
+ // No matter how the TLS connection attempt went, the underlying socket's |
+ // no longer bound to the original TCPSocket. It belongs to ssl_socket_, |
+ // which is promoted here to a new API-accessible socket (via a TLSSocket |
+ // wrapper) or deleted. |
+ if (result != net::OK) { |
+ // Failed TLS connection. This will delete the underlying TCPClientSocket. |
+ delete ssl_socket; |
+ callback.Run(NULL, result); |
+ return; |
+ }; |
+ |
+ // Wrap the StreamSocket in a TLSSocket (which matches the extension socket |
+ // API). Set the handle of the socket to the new value, so that it can be |
+ // used for read/write/close/etc. |
+ TLSSocket* wrapper = new TLSSocket(ssl_socket, extension_id); |
+ |
+ // Caller will end up deleting the prior TCPSocket, once it calls |
+ // SetSocket(..,wrapper). |
+ callback.Run(wrapper, result); |
+} |
+ |
+} // namespace extensions |